Validating Azure Resource Manager Templates in Your Build Pipeline on Visual Studio Team Services

Azure Resource Manager Templates is great way of including Infrastructure as Code in to your development practices. ARM Templates can be used to manage your resources on Azure and in some cases, manage configuration as well. When your infrastructure becomes more complex, your ARM Templates will also become larger and complex. And you should treat … Continue reading Validating Azure Resource Manager Templates in Your Build Pipeline on Visual Studio Team Services

Advertisements

Deploying a Web Application from Source Control Alongside Azure Resources using ARM Templates

In this short article I describe a way of deploying a web application in to an Azure App Service Web App alongside the Web App resource itself using Azure Resource Manager templates. First create a new Azure Resource Group project using Visual Studio. Give the project a name and select a location for the project. … Continue reading Deploying a Web Application from Source Control Alongside Azure Resources using ARM Templates

Introducing OWASP Zed Attack Proxy Task for Visual Studio Team Services

Few weeks back, I wanted to setup automated security testing for the project I am working on and add that to our release pipeline. To achieve this OWASP ZAP was the obvious option. It’s actively maintained with a lot of great features, it’s free and has an API that can be used to access its … Continue reading Introducing OWASP Zed Attack Proxy Task for Visual Studio Team Services

Building Custom Visual Studio Team Service Tasks with VSTS DevOps Task SDK

In this article, we will be building a simple Visual Studio Team Services build & deployment task using VSTS DevOps Task SDK and upload it to our Visual Studio Team Services account in order to use it in our build and release pipelines. To create a custom Visual Studio Team Services task, you need some … Continue reading Building Custom Visual Studio Team Service Tasks with VSTS DevOps Task SDK

Automated Security Testing with OWASP Zed Attack Proxy: #3 Working the Result of ZAP Security Scan to Pass or Fail the Security Tests

In the previous article, we created and ran Automated Security Tests on Visual Studio Team Services. One shortcoming of the security tests we wrote was that there was no way of failing the security tests if the result of the test exceeds a certain threshold. The test only executed the security scan and then gave … Continue reading Automated Security Testing with OWASP Zed Attack Proxy: #3 Working the Result of ZAP Security Scan to Pass or Fail the Security Tests

Automated Security Testing with OWASP Zed Attack Proxy: #1 Installing & Configuring OWASP ZAP on an Azure Virtual Machine

OWASP Zed Attack Proxy (ZAP) is a free security tool that helps you automatically find security vulnerabilities in your web applications. It is one of the most popular tools out there and it's actively maintained by the community behind it. It’s a great tool that you can integrate while you are developing and testing your … Continue reading Automated Security Testing with OWASP Zed Attack Proxy: #1 Installing & Configuring OWASP ZAP on an Azure Virtual Machine

Continuous Code Quality with SonarQube: #1 Installing and Configuring SonarQube using Azure Virtual Machine & Azure SQL

SonarQube a product by SonarSource, is an open source platform that can be used to manager source code quality for development teams. SonarQube is a great product that you can integrate with your existing build pipelines to analyze your code base and find bugs, vulnerabilities, code smells and manage the technical debt of your source … Continue reading Continuous Code Quality with SonarQube: #1 Installing and Configuring SonarQube using Azure Virtual Machine & Azure SQL